CVE-2023-2868 PoC — Barracuda Email Security Gateway 命令注入漏洞

Source

https://github.com/cfielding-r7/poc-cve-2023-2868

Associated Vulnerability

Title:Barracuda Email Security Gateway 命令注入漏洞 (CVE-2023-2868)
Description:Barracuda Email Security Gateway是Barracuda公司的一种电子邮件安全网关，可管理和过滤所有入站和出站电子邮件流量，以保护组织免受电子邮件威胁和数据泄露。 Barracuda Email Security Gateway 5.1.3.001到9.2.0.006版本存在安全漏洞，该漏洞源于用户提供的tar文件存在问题，攻击者利用该漏洞可以远程执行系统命令。

Readme

# CVE-2023-2868: Barracuda ESG Command Injection 

For full details, read our [AttackerKB Analysis](https://attackerkb.com/topics/2Z0CWopGPX/cve-2023-2868/rapid7-analysis). 

## Usage
Set LHOST and RHOST variables to your listener.

```ruby poc_cve_2023_2868.rb <TARGET_IP>```

This will spawn a reverse shell.

File Snapshot


 [4.0K]  /data/pocs/9e72ce65ebb06b52a0da66d952e52116533cf6ad
├── [2.5K]  poc_cve_2023_2868.rb
└── [ 310]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!